Tom Caulfield and Sheryl Steckler spent decades working in the public sector, primarily in the oversight field, investigating fraud and white-collar crime in their capacities as Inspectors General. During their time in the field, both Caulfield and Steckler realized that high-level, broad standards such as those promulgated by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) (e.g., “Internal Control — Integrated Framework” and “Enterprise Risk Management — Integrated Framework”) did not provide public and private sector entities with the specificity required when dealing with procurement fraud and other unique risks.
“We realized that, after decades spent on the detective side, we wanted to spend the second half of our careers on the preventive side,” Steckler said. “We wanted to assist government and private sector companies by ensuring they could mitigate against fraud and avoid substantial financial and reputational risk.”
The two formed a company, Procurement Integrity Consulting Services, LLC, and went to work creating a blueprint for the internal control systems that are the bread and butter of oversight. But instead of a broad-based system based on the basic elements of a compliance program, Steckler and Caulfield decided to focus on procurement fraud.
Preventing fraud before it happens
COSO, the U.S. Government Accountability Office and other standards-making bodies have whole series of standards that every entity should have in place. These standards contain terms that every auditor should know, such as “control environment,” which is defined by the Institute of Internal Auditors as:
“The foundation on which an effective system of internal control is built and operated in an organization that strives to (1) achieve its strategic objectives, (2) provide reliable financial reporting to internal and external stakeholders, (3) operate its business efficiently and effectively, (4) comply with all applicable laws and regulations, and (5) safeguard its assets.”
“With procurement integrity control systems, our commitment is to procurement integrity,” Caulfield said. “So we took that general term and tailored it to procurement – we got down to the operational level, left theory, and went to the practical.”
Oversight, risk assessment, prevention, internal control systems—these terms are high up, general and don’t have user familiarity; auditors and compliance professionals may find it difficult to actually use them to test their own functional areas. In the contracting business, it is possible to take those standards and models for internal control systems and deliberately design models and standards such that a procurement function has a good control system.
“If you have a fully integrated procurement management system, from the requirement and development stage to the close out stage, and you apply a tailored procurement integrity control system,” Caulfield said, “you are now for the first time in excellent position to use data analytics’ predictive modeling to identify potential fraudulent and abusive procurement activity.”
He added, “Most data analytics has been designed to what they call ‘pay and chase,’ which means, an unlawful payment has occurred, and the company or government organization has to figure out who did it and try and get their money back. But if you have procurement data digitized from the original point of requirement through solicitation, you can now develop risk models to identify potential fraud through predictive modeling before the award of the contract. That is amazing.”
The basics of procurement integrity
Procurement Integrity Controls are defined as those organizational processes and management systems that are designed to provide reasonable assurance regarding the prevention, detection, and prompt reporting of abuse, fraud or noncompliance within organizational procurements.
The five basic components of procurement integrity systems are:
- Commitment to procurement integrity:
Demonstrated commitment to procurement integrity within an ethical culture.
- Tailored vulnerability assessment:
Focused and tailored assessment of your organization’s greatest risks to the traditional procurement fraud and abuses in today’s contracting schemes, along with noncompliance to procurement processes. Once a procurement vulnerability exposure risk assessment has identified the risk areas, the results will allow the organization to identify and design effective procurement integrity systems of controls.
- Focused protections within policy:
Sound protections built into your policies, procedures and practices tailored to the organization’s unique vulnerabilities.
- Targeted information sharing:
Targeted training and information sharing in the areas of fraud, abuse and impact in procurement policy noncompliance, to all appropriate levels within the organization.
- Identification of deficiencies:
Robust quality assurance processes that identify internal and external deficiencies in the procurement integrity controls.
For Caulfield and Steckler, the most important component is the tailored vulnerability assessment. Without a proper and thorough risk assessment, specific to procurement fraud, scamsters will slip through the cracks. According to Caulfield, there are 44 traditional fraud schemes and a thousand ways of doing them. The secret to identifying and assessing the risks is to know which search parameters to implement to identify potential fraud activity, using unstructured data.
Procurement fraud is one of the biggest issues facing investigators today. Government contracts are often the targets of scammers and opportunists.
By using an approach that is tailored to the procurement sector, companies can find and fix problems before they affect operations.